119 lines
3.4 KiB
C++
119 lines
3.4 KiB
C++
/*!
|
|
* PaceHandler.h
|
|
*
|
|
* \brief Handler for the PACE protocol. See TR-03110.
|
|
*
|
|
* \copyright Copyright (c) 2014 Governikus GmbH & Co. KG
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include "asn1/PACEInfo.h"
|
|
#include "asn1/SecurityInfos.h"
|
|
#include "CardConnectionWorker.h"
|
|
#include "EnumHelper.h"
|
|
#include "pace/KeyAgreement.h"
|
|
#include "pace/KeyDerivationFunction.h"
|
|
|
|
#include <QByteArray>
|
|
#include <QSharedPointer>
|
|
#include <QString>
|
|
|
|
class test_PaceHandler;
|
|
|
|
namespace governikus
|
|
{
|
|
class PaceHandler
|
|
{
|
|
friend class ::test_PaceHandler;
|
|
|
|
private:
|
|
const QSharedPointer<CardConnectionWorker> mCardConnectionWorker;
|
|
QSharedPointer<KeyAgreement> mKeyAgreement;
|
|
QSharedPointer<const PACEInfo> mPaceInfo;
|
|
QByteArray mIdIcc;
|
|
QByteArray mEncryptionKey;
|
|
QByteArray mMacKey;
|
|
QByteArray mChat;
|
|
QByteArray mCarCurr, mCarPrev;
|
|
|
|
/*!
|
|
* \brief checks for implementation support
|
|
*/
|
|
bool isSupportedProtocol(const QSharedPointer<const PACEInfo>& pPaceInfo) const;
|
|
|
|
/*!
|
|
* \brief Perform initialization of the handler. During initialization the PACE protocol parameters to be used are determined.
|
|
* \param pEfCardAccess the card's EFCardAccess containing all supported protocol parameters
|
|
* \return the initialization result
|
|
*/
|
|
bool initialize(const QSharedPointer<const EFCardAccess>& pEfCardAccess);
|
|
|
|
/*!
|
|
* \brief Transmit the MSE:Set AT command to the card.
|
|
* \param pPinId the PIN id to use, e.g. PIN, CAN or PUK
|
|
* \return false on any card errors
|
|
*/
|
|
bool transmitMSESetAT(PACE_PIN_ID pPinId);
|
|
|
|
Q_DISABLE_COPY(PaceHandler)
|
|
|
|
public:
|
|
PaceHandler(const QSharedPointer<CardConnectionWorker>& pCardConnectionWorker);
|
|
|
|
/*!
|
|
* \brief Performs the PACE protocol and establishes a PACE channel.
|
|
* \param pPinId the PIN id to use, e.g. PIN, CAN or PUK
|
|
* \param pPin the PIN value, e.g. "123456"
|
|
* \return false on any errors during establishment
|
|
*/
|
|
CardReturnCode establishPaceChannel(PACE_PIN_ID pPinId, const QString& pPin);
|
|
|
|
/*!
|
|
* \brief The certificate holder authorization template to be supplied to the card. May be empty
|
|
*/
|
|
void setChat(const QByteArray& pChat);
|
|
|
|
/*!
|
|
* \brief During PACE protocol an encryption key is determined. This method returns this key.
|
|
* I. e. the output of KDF_enc according to TR-03110 Part 3 chapter A.2.3.
|
|
* \return the encryption key
|
|
*/
|
|
const QByteArray& getEncryptionKey() const;
|
|
|
|
/*!
|
|
* \brief During PACE protocol a MAC key is determined. This method returns this key.
|
|
* I. e. the output of KDF_mac according to TR-03110 Part 3 chapter A.2.3.
|
|
* \return the MAC key
|
|
*/
|
|
const QByteArray& getMacKey() const;
|
|
|
|
/*!
|
|
* \brief During PACE protocol a certificate authority reference (CAR) may be determined. This method returns this CAR.
|
|
* The CAR is determined, if a CHAT was supplied, \see setChat
|
|
* \return the card's CAR number 1
|
|
*/
|
|
const QByteArray& getCarCurr() const;
|
|
|
|
/*!
|
|
* \brief During PACE protocol a certificate authority reference (CAR) may be determined. This method returns this CAR.
|
|
* The CAR is determined, if a CHAT was supplied, \see setChat
|
|
* \return the card's CAR number 2
|
|
*/
|
|
const QByteArray& getCarPrev() const;
|
|
|
|
/*!
|
|
* \brief The IDicc is the card's compressed ephemeral public key.
|
|
* \return the card's compressed ephemeral public key
|
|
*/
|
|
const QByteArray& getIdIcc() const;
|
|
|
|
/*!
|
|
* The used PACE protocol.
|
|
* \return the PACE protocol OID as string.
|
|
*/
|
|
QByteArray getPaceProtocol() const;
|
|
};
|
|
|
|
} /* namespace governikus */
|